
Fixes bug in SQL queries created by spring-security-acl when using pr… #5216


Closed
wants to merge 1 commit into from


@lpavan lpavan commented Apr 6, 2018

…imary keys for ACL identity objects with types other than String

I'm using spring-security-acl in objects which have UUID as their primary key in a project that uses Microsoft SQL as the database. I was getting the following stack trace:

```
org.springframework.dao.DataIntegrityViolationException: PreparedStatementCallback; SQL [select obj.object_id_identity as obj_id, class.class as class, class.class_id_type as class_id_type from acl_object_identity obj, acl_object_identity parent, acl_class class where obj.parent_object = parent.id and obj.object_id_class = class.id and parent.object_id_identity = ? and parent.object_id_class = (select id FROM acl_class where acl_class.class = ?)]; Unable to convert between java.util.UUID and JAVA_OBJECT.; nested exception is java.sql.SQLException: Unable to convert between java.util.UUID and JAVA_OBJECT.
	at org.springframework.jdbc.support.SQLStateSQLExceptionTranslator.doTranslate(SQLStateSQLExceptionTranslator.java:102)
	at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:73)
	at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:81)
	at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:81)
	at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:660)
	at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:695)
	at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:727)
	at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:737)
	at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:787)
	at org.springframework.security.acls.jdbc.JdbcAclService.findChildren(JdbcAclService.java:91)
	at org.springframework.security.acls.jdbc.JdbcMutableAclService.clearCacheIncludingChildren(JdbcMutableAclService.java:378)
	at org.springframework.security.acls.jdbc.JdbcMutableAclService.updateAcl(JdbcMutableAclService.java:369)
[....]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.sql.SQLException: Unable to convert between java.util.UUID and JAVA_OBJECT.
	at net.sourceforge.jtds.jdbc.Support.convert(Support.java:632)
	at net.sourceforge.jtds.jdbc.JtdsPreparedStatement.setObjectBase(JtdsPreparedStatement.java:590)
	at net.sourceforge.jtds.jdbc.JtdsPreparedStatement.setObject(JtdsPreparedStatement.java:907)
	at org.springframework.jdbc.core.StatementCreatorUtils.setValue(StatementCreatorUtils.java:427)
	at org.springframework.jdbc.core.StatementCreatorUtils.setParameterValueInternal(StatementCreatorUtils.java:235)
	at org.springframework.jdbc.core.StatementCreatorUtils.setParameterValue(StatementCreatorUtils.java:166)
	at org.springframework.jdbc.core.ArgumentPreparedStatementSetter.doSetValue(ArgumentPreparedStatementSetter.java:66)
	at org.springframework.jdbc.core.ArgumentPreparedStatementSetter.setValues(ArgumentPreparedStatementSetter.java:47)
	at org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcTemplate.java:701)
	at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:644)
        ... 104 common frames omitted
```

After trying to find out the cause of the error, including being suspicious of the database driver I was using, I tracked the bug down to the fact that the identifier of the ObjectIdentity is not converted to String when such identifier gets passed to a SQL query inside the classes JdbcAclService and JdbcMutableAclService.

It's easy to see the problem looking at the class BasicLookupStrategy, where the following code gets it right (line 394) by correctly calling toString() on the object identity identifier:

```java
Set<Long> parentsToLookup = jdbcTemplate.query(sql,
        new PreparedStatementSetter() {
            public void setValues(PreparedStatement ps) throws SQLException {
                int i = 0;
                for (ObjectIdentity oid : objectIdentities) {
                    // Determine prepared statement values for this iteration
                    String type = oid.getType();
                    // No need to check for nulls, as guaranteed non-null by
                    // ObjectIdentity.getIdentifier() interface contract
                    String identifier = oid.getIdentifier().toString();
                    // Inject values
                    ps.setString((2 * i) + 1, identifier);
                    ps.setString((2 * i) + 2, type);
                    i++;
                }
            }
        }, new ProcessResultSet(acls, sids));
```

In order to be able to use spring-security-acl with UUIDs I also had to change the source code and add public to the class AclClassIdUtils just like in the issue #4814, which makes me believe that, as of now, not many other people are using spring-security-acl with objects with UUID as primary key elsewhere.
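The failure mode described in the comment above, as an added example that is not part of the original post and is not spring-security-acl code: the same two-parameter bind done with the raw identifier and with `toString()`. The class and method names are hypothetical, and `strictStatement()` is a constructed stand-in for a driver that rejects `setObject()` for types it cannot map, so the example runs without a database.

```java
import java.io.Serializable;
import java.lang.reflect.Proxy;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.UUID;

// Added illustration; all names here are hypothetical, not the project's own code.
public class AclIdentifierBinding {

    // Constructed stand-in for a strict driver: setObject() succeeds only for
    // String values and fails with a message shaped like the one in the trace.
    static PreparedStatement strictStatement() {
        return (PreparedStatement) Proxy.newProxyInstance(
            PreparedStatement.class.getClassLoader(),
            new Class<?>[] { PreparedStatement.class },
            (proxy, method, args) -> {
                if (method.getName().equals("setObject") && !(args[1] instanceof String)) {
                    throw new SQLException("Unable to convert between "
                        + args[1].getClass().getName() + " and JAVA_OBJECT.");
                }
                return null; // only void setters are called in this example
            });
    }

    // Before: the identifier's runtime type (UUID, Long, ...) reaches the driver.
    static void bindRaw(PreparedStatement ps, Serializable id, String type) throws SQLException {
        ps.setObject(1, id);
        ps.setString(2, type);
    }

    // After: the same normalisation the quoted BasicLookupStrategy code applies.
    static void bindAsString(PreparedStatement ps, Serializable id, String type) throws SQLException {
        ps.setString(1, id.toString());
        ps.setString(2, type);
    }

    public static void main(String[] unused) throws SQLException {
        Serializable id = UUID.randomUUID();   // constructed sample identifier
        String type = "com.example.Document";  // constructed sample class name
        bindAsString(strictStatement(), id, type);
        System.out.println("toString() binding accepted");
        try {
            bindRaw(strictStatement(), id, type);
        } catch (SQLException e) {
            System.out.println("raw binding rejected: " + e.getMessage());
        }
    }
}
```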

@pivotal-issuemaster

@lpavan Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

@pivotal-issuemaster

@lpavan Thank you for signing the Contributor License Agreement!

@eleftherias
Contributor

Thank you for the PR @lpavan. However, the same code changes have already been applied via d1a754f. Therefore, I am closing this PR.

@eleftherias eleftherias self-assigned this Oct 15, 2019
@eleftherias eleftherias added the "status: duplicate" label (A duplicate of another issue) and removed the "status: waiting-for-triage" label (An issue we've not yet triaged) Oct 15, 2019